rejetto forum



Messages - Edward-US

1
Programmers corner / Re: Security via Sandboxie and naming obscurity
« on: October 17, 2012, 04:58:10 PM »
Very cool. That worked, thanks.

2
Programmers corner / Re: Security via Sandboxie and naming obscurity
« on: October 12, 2012, 08:34:40 PM »
What about archive and file listing? I am now using the beta 2.3.
I just realized that if I add ~files.lst?recursive to any folder, including the root, it shows everything!!

Same with ~folder.tar?recursive which would download everything.

Can these two features be disabled?

3
Programmers corner / Security via Sandboxie and naming obscurity
« on: August 24, 2012, 02:18:36 AM »
Looking for feedback on my security implementations. Very impressed with the program.

My Setup
My setup has HFS running on a subdomain of my site, i.e. transfer.mysite.com.
It runs on a Windows Storage Server 2008 (essentially Windows Server 2008).
The storage server shares a folder called transfer that all users on the network can access via a mapped drive, which is T: for them. Transfer has 2 folders: Download and Upload.
On HFS, it hosts the Transfer folder as a real folder.
Thus when any user on the network places a file in t:\downloads\, HFS shares it.


HFS runs in Sandboxie on the Storage Server. My thinking is that if some exploit is found and used against me, the attacker will be limited to the sandboxed conditions. I know it's possible an exploit may come along and they may be able to read other files hosted via an exploit, but as far as writing any file except in the upload folder, compromising the OS or accessing anything else on the network (Sandboxie completely restricts HFS from accessing network shares and certain other local folders that may be sensitive).

My other security measure that covers access to other files is obscurity, by having users place files in long folder names and masking the root folder of all of them with a random string so that people cannot 'browse' and see other folders; they can only see the files of the folder they are in (but not its subdirectories). Thus if I give someone a link http://transfer.mysite.com/downloads/ShareA876g4783202/ they can only see the files in that folder and not even its subdirectories.
If they got snoopy and went to http://transfer.mysite.com/downloads/ they would see no files, because that folder only contains folders (no loose files) and the folders are masked, so they don't see anything.
My thinking is that if they wanted to access another folder I share they would have to guess what it is.

Since my setup involves users not on the HFS PC placing files via Windows file share into folders that HFS hosts, they do not have practical access to the HFS program interface to always set passwords and usernames for the folders they create. See http://www.rejetto.com/forum/index.php/topic,10803.0.html for more on my setup with users not on the HFS PC.
Thus by prohibiting the viewing of folders through a mask that is a random string and doesn't match any actual folder name, and making it difficult to guess the names of other folders, I figure I am pretty secure.

One big concern would be if a public user could turn the mask off.

Thanks

4
Hey, came across this program the other day and have been very impressed.

I thought I'd share a solution to add a shell menu (right-click menu) to other computers on the same network so that they can right-click on a file (located on a network drive and within a folder that HFS is sharing) to copy the public link for a file that HFS is hosting.

My Setup
My setup has HFS running on a subdomain of my site, i.e. transfer.mysite.com.
It runs on a Windows Storage Server 2008.
The storage server shares a folder called transfer that all users on the network can access via a mapped drive, which is T: for them. Transfer has 2 folders: Download and Upload.
On HFS, it hosts the Transfers folder as a real folder.
Thus when any user on the network places a file in t:\downloads\, HFS shares it.

The point of this shell menu is to allow that user to right-click on the file and copy its public web address. So if a network user right-clicks on t:\downloads\TestFolder\testfile.txt they can click 'copy share link' and it will copy http://transfer.mysite.com/downloads/testfolder/testfile.txt to their clipboard, which can then be pasted in an email.

Instructions
I got the bulk of the idea and coding from the great person who wrote an article on how they made a shell copy-file-path program: http://www.gnostice.com/nl_article.asp?id=168 This guy's program just copied the straight file path, and I modified his code so that it replaced part of the file path with the http link.

So my .reg files to install the registry entries for the shell context menu were:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\Shell\Copy File SHARE Link\Command]
@="\"C:\\Program Files\\Copy Filename\\sharelink.exe\" \"%1\""

[HKEY_CLASSES_ROOT\Directory\Shell\Copy Folder SHARE Link\Command]
@="\"C:\\Program Files\\Copy Filename\\sharelink.exe\" \"%1\""

I downloaded VB Express 2010 for free from Microsoft and wrote my module like this (note my module accounts for whether people access the share via the mapped drive T: or using the straight UNC path \\storage...; the program notifies them if they are attempting to copy the share link for a file that isn't in a directory that HFS is serving, which it determines based on the first 12 characters of the path):
Imports System.Windows.Forms   ' needed for Clipboard when called from a module

Module Module1
    Sub Main()
        Dim strPathname As String
        Dim errCheck As String

        ' sets this string variable to the full file path, which has " around it
        strPathname = Command()
        ' deletes the left "
        strPathname = Right(strPathname, Len(strPathname) - 1)
        ' deletes the right quote, leaving the string as just the straight file path
        strPathname = Left(strPathname, Len(strPathname) - 1)

        ' the following makes sure the user is using a file that is actually in the
        ' directory shared by HFS, based on the first 12 characters of the file path
        ' (compared case-insensitively, since the drive may be typed as t: or T:)
        errCheck = Left(strPathname, 12)
        If StrComp(errCheck, "T:\Downloads", CompareMethod.Text) <> 0 AndAlso _
           StrComp(errCheck, "\\storage\tr", CompareMethod.Text) <> 0 Then
            MsgBox("You have not placed this file or folder in the correct location. To make it publicly downloadable on transfer.mysite.com, you must place the file in a folder within T:\downloads\ (aka \\storage\transfer\Downloads\ ).", MsgBoxStyle.Exclamation, "Share Error! " + errCheck)
            Exit Sub   ' do not put a link on the clipboard that will never resolve
        End If

        ' error check done - the program replaces the beginning of the actual file
        ' path and substitutes mysite's public address (both spellings of the share)
        strPathname = Replace(strPathname, "\\storage\transfer\Download", "http://transfer.mysite.com/download", , , CompareMethod.Text)
        strPathname = Replace(strPathname, "T:\Download", "http://transfer.mysite.com/download", , , CompareMethod.Text)
        ' it then flips all the \ in the file path and makes them / for http addresses
        strPathname = Replace(strPathname, "\", "/")
        ' then it copies the string to the clipboard
        Clipboard.Clear()
        Clipboard.SetText(strPathname)
    End Sub
End Module

I then wrote this code on the form that loads first so that it invokes the module:
Public Class Form1

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Me.Hide()
        Module1.Main()
        Me.Close()
    End Sub

End Class

Then compiled it as sharelink.exe and placed it in C:\Program Files\Copy Filename\sharelink.exe (note it must be in this directory per the registry file I made). See the article I based my work on for more explanation on all this. I next plan to install the reg file and the exe via group policy to all the domain computers.

Let me know if you have any questions. I am a very basic programmer but I'll do my best to help.
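As an added example (not Edward-US's code, nor anything from HFS), here is the same path-to-link mapping in Python, written the way a defender would harden it: it normalises the path before checking it lies under the shared Download folder (so a `..` segment cannot turn a file outside the share into an apparently valid link), and it percent-encodes each segment so filenames with spaces or `#`/`?` survive being pasted into an email. The `T:` / `\\storage\transfer` roots and the transfer.mysite.com host are taken from the post; lowercasing the URL follows the post's own example link.

```python
from typing import Optional
from urllib.parse import quote
import ntpath  # Windows path rules, usable on any OS

# Taken from the post: the two spellings of the shared Download folder
# and the public base URL HFS serves it under.
SHARE_ROOTS = (r"T:\Downloads", r"\\storage\transfer\Downloads")
PUBLIC_BASE = "http://transfer.mysite.com/downloads"


def share_link(local_path: str) -> Optional[str]:
    """Map a local path inside the shared Download folder to its public HFS link.

    Returns None when the path is not inside the share, including paths that
    try to step out of it with '..', so the caller can warn the user instead
    of copying a link that will never resolve (or that points at Upload).
    """
    # The shell passes "%1" wrapped in quotes; strip them like the VB tool does.
    p = local_path.strip().strip('"')
    # Collapse '.' and '..' first; a naive prefix test on the raw string would
    # accept T:\Downloads\..\Upload\secret.txt.
    p = ntpath.normpath(p)
    for root in SHARE_ROOTS:
        root_n = ntpath.normpath(root)
        if p.lower() == root_n.lower():
            return PUBLIC_BASE + "/"  # the folder itself
        if p.lower().startswith(root_n.lower() + "\\"):
            rel = p[len(root_n) + 1:]
            # HFS on Windows is case-insensitive; the post shows links lowercased.
            segments = rel.lower().split("\\")
            # Encode every segment (safe="" also encodes '/' should one appear).
            return PUBLIC_BASE + "/" + "/".join(quote(s, safe="") for s in segments)
    return None


if __name__ == "__main__":
    # Constructed sample inputs, mirroring the post's example and two misuses.
    for sample in (r'"T:\Downloads\TestFolder\testfile.txt"',
                   r"\\storage\transfer\Downloads\Share A\report v2.pdf",
                   r"T:\Downloads\..\Upload\secret.txt"):
        print(sample, "->", share_link(sample))
```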
